Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
và cho nhiều mục đích. Trong điều kiện của các trang web thương mại điện tử, họ rất cần thiết với phương pháp kinh doanh được thực hiện, và nhiều trang web không thể hoạt động mà không có họ. Break-in từ các kịch bản CGI yếu có thể xảy ra trong một loạt các ways. | Securing Your Java Code Chapter 7 287 Second from the client end it could be beneficial to not allow the client to send a transaction until the server has finished processing with the last transaction.This will only protect against hackers using your client software. If they write new client software to communicate with your server and figure out your protocol then they could bypass this restriction. Another tactic can be implemented from the server side. Usually with Java when a client contacts the server a new thread is created to handle the transaction.These threads all take up memory and processing power. If someone bombards the server with transactions too many threads could be created which eventually crash the server. A more satisfactory reaction would be to limit the number of threads a server can create. If a client attempts a transaction on the server and the server is overloaded it would just receive a message that the server is busy. Obviously this is better than allowing the server to crash. So how is this implemented in code Imagine a typical ClientThread object that is created each time a client connects class ClientThread public ClientThread Socket client Constructor code here This is how a client thread is typically created. As you see there is no way to limit the number of client threads created using this method. In order to change this we will create what is known as thread pooling. Thread pooling is when we limit the number of threads that can be created. By doing this we essentially create a limited pool of threads to use. In order to implement this we eliminate the public constructor by making it private.This ensures that the constructor cannot be used to create an unlimited number of thread instances. Instead we use a static method called getInstance to get an instance of the object.This method can restrict the number of legal instances that can be created class ClientThread extends Thread www.syngress.com 288 Chapter 7 Securing Your Java .
